December 15, 2008

It’s been bitterly cold here in Minneapolis for the last few days, so this job offer actually seems appealing 🙂

If the snow and ice storms hitting some parts of the country don’t faze you, how about working in the snow – in the Antarctic. According to a job ad sent in by a longtime reader, Raytheon wants to send network engineers to the South Pole to work on the National Science Foundation’s United States Antarctic Program. The government contractor is looking for Cisco-certified professionals, including CCIEs, CCNPs, CCDAs, and CCDPs with experience of SONET, ISDN and Frame Relay, to work with the Raytheon Polar Services Company. Raytheon provides services including science, operations, logistics and IT to three Antarctic locations.

According to the ad on Dice.com, the contract position offers a compensation package that includes travel to and from the ice, and room and board.

September 15, 2008

I absolutely hate business jargon. I’m talking about stuff like “We need to socialize our mission to leverage synergies across the enterprise and quantize partner results from which we can workshop outside-the-box solutions.” Whenever I hear shit like that I do two things: 1) stop listening, and 2) mentally flag this person as a clueless jackass. I learned early on not to ask “what the hell is a synergy?” because you’ll lose the next fifteen minutes of your life listening to another business jargon filled fluff statement or you’ll get a suggestion to read some craptacular business tome. Either way, you will never get a straight answer – most likely because the jackass braying this garbage doesn’t really know what it means either.

Here’s a conversation I recently had with my manager:

“Why are we doing this?”
“We are doing this to reduce the unefficatism of the processization…”
“That’s not a word.”
“What’s not a word?”
“‘Unefficatism.’ ‘Unefficatism’ is not a word.”
“Yes it is.”
“Show me the definition of ‘unefficatism’.”
“I don’t have a dictionary.”
“You have a desktop, a laptop, and a phone that all have an Internet connection. Can’t you leverage that toolbox to socialize the definition to me?”
“It IS a word!”
“Google says that it isn’t and is asking if you mean ‘unificationism’. Do you mean ‘unificationism’? If so, I am not comfortable discussing religion with you.”
“Irregardless of whether you think…”
“That’s not a word either.”

That’s not to say that those of us on the technical side of the fence don’t use a lot of jargon – not to mention abbreviations and acronyms. I like to think that we try to do this to convey precise meaning and not to try to ‘impress’ others with our vocabulary. When a biologist says something like “Evolution is any change in the frequency of alleles within a gene pool from one generation to the next” it’s not because they want to impress you with their vocabulary, it’s because those words have a very specific meaning. If I’m talking to a networking colleague I might drop something like “EIGRP isn’t installing the route as a Feasible Successor” but I would convert that to “the router is not using both paths” when talking to someone who is not expected to know networking.

The office of San Francisco District Attorney Kamala Harris has made public close to 150 usernames and passwords used by various departments to connect to the city’s virtual private network. The passwords were filed this week as Exhibit A in a court document arguing against a reduction in US$5 million bail in the case of Terry Childs, who is accused of holding the city’s network hostage by refusing to give up administrative networking passwords. Childs was arrested July 12 on charges of computer tampering and is being held in the county jail.

Though they placed the passwords in the public record, city prosecutors do seem to think that they are sensitive.

The passwords, discovered on Childs’ computer, pose an “imminent threat” to the city’s computer network, according to the court filing. Childs could use the names and passwords to “impersonate any of the legitimate users in the City by using their password to gain access to the system,” the motion against the bail reduction states.

Although the DA’s office did not say what the passwords were used for, a source familiar with the situation said that they are for logging into the city’s virtual private network, and that this type of information is something that a network administrator like Childs would be expected to have.

Posting these passwords in public creates a security risk, although the passwords are not enough to give a criminal access to the city’s VPN. The passwords are so-called “phase one” passwords, and must be combined with a second password to access the network, the source said.

I’m not going to pretend to be a security expert, but even if these are only “phase one” passwords, I would think that it would give hackers a nice leg up on their work. Why do I get the feeling that the “phase two” password is just NT authentication? 🙂

Of course, even the most half-assed IT department would have required that all users change their passwords once the whole Terry Childs drama began, so everything should be alright, right? 😉

July 23, 2008

If you haven’t been following the story of the San Francisco network engineer, here’s the backstory: a CCIE working for the city of San Francisco set up the FiberWAN network with himself as the only person who had access to the network equipment. After a dust-up with his boss, he refused to disclose the password to access the FiberWAN routers. Even though he was arrested and facing years in prison, he refused to disclose the password….until the mayor paid him a visit.

After a weeklong standoff with a city employee accused of hacking into San Francisco’s government computer system, Mayor Gavin Newsom gained the suspect’s password after a rare jailhouse visit, according to authorities.

Newsom apparently made a secret jailhouse visit to Terry Childs, 43, who is charged with hacking the city’s computer system and creating a secret password that gave him virtually exclusive access to most of the city’s municipal data.

While in jail and held on $5 million bail, Childs initially refused to reveal the password that would give full access to the network back to city employees, city officials said. But that changed when Newsom agreed to meet Childs on Monday.

The mayor “figured it was worth a shot, because although Childs is not a Boy Scout, he’s not Al Capone either,” Newsom spokesman Nathan Ballard told the San Francisco Chronicle.

The meeting was apparently arranged without the district attorney’s knowledge. Several calls to the DA’s office were not returned.

Childs, an employee of the city’s Department of Technology, pleaded not guilty in court last week to four counts of computer network tampering.

July 19, 2008

There’s a very interesting article about the ongoing ruckus over the San Francisco Network Engineer who – although under arrest and facing the possibility of years in jail – has told his (former) employers to get bent. He set himself up with sole access to the city’s FiberWAN network and is not giving up his login info. Give it a read during your study downtime. I’ve included some of the more interesting bits below:

It seems that Terry Childs is a very intelligent man. According to my source, Childs holds a Cisco Certified Internetwork Expert certification, the highest level of certification offered by Cisco.

The routing configuration of the FiberWAN is extremely complex. Probably more so than it ought to be; I sometimes got the feeling that, in order to maintain more centralized control over the routing structure, [Childs] bent some of the rules of MPLS networks and caused problems for himself in terms of maintaining the routing.

Because the system was so complex (and also because he didn’t involve any of the other network engineers in his unit), Terry was the only person who fully understood the FiberWAN configuration. Therefore, to prevent inadvertent disruption of this admittedly critical network, he locked everyone else out. I know most of the networking equipment … does use centralized AAA, but I get the impression he may have configured the FiberWAN equipment for local authentication only.

This is where it gets tricky for the prosecution, IMO, because the localized authentication, with Terry as sole administrator, has been in place for months, if not years. His coworkers knew it (my coworkers and I were told many times by Terry’s coworkers, “If your request has anything to do with the FiberWAN, it’ll have to wait for Terry. He’s the only one with access to those routers”). His managers knew it.

Terry also, obviously, had a terrible relationship with his superiors. I should point out that he’s not just a network engineer — he was the lead network engineer for the entire City. His bosses were all managerial rather than technical, and while the other engineers did not actually report to Terry, they did defer to him in any technical matters. Even the network architect left it to Terry to actually figure out implementation. Terry felt that his direct superior was intrusive, incompetent, and obstructive, and that the managers above him had no real idea of what was going on, and were more interested in office politics than in getting anything done.

Later in the e-mail, my source offered some insight into what may be at the core of the issue: Childs was so paranoid about the security of the network that he even refused to write router and switch configs to flash, which would mean that if the device was powered off, all configurations would be lost.

At one point he was concerned about the security of the FiberWAN routers in remote offices, so he had them set up without saving the config to flash. “If they go down, I’ll get alerted, and connect up to them and reload the config.” Great, except we have power outages all the time in this city, some of those devices aren’t on UPSs, and what happens if you’re on vacation? And what about the 15 to 60 minutes it might take you to connect up and reload? He eventually conceded and (ahem) decided that disabling password recovery was sufficient security.
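
The conditions described above (local-only authentication, a single administrator, an unsaved configuration, disabled password recovery) can be checked for in a Cisco IOS configuration audit. The following is an added example, not code from this post or the quoted article; the function name, finding codes and sample configurations are constructed for illustration, and the inputs are assumed to be the plain text of a device's running-config and startup-config.

```python
import re

# Constructed sample configurations (not taken from any real network).
SAMPLE_RISKY = """\
hostname remote-office-rtr
no service password-recovery
aaa new-model
aaa authentication login default local
username netadmin privilege 15 secret 5 $1$CONSTRUCTED$notarealhash
line vty 0 4
 login authentication default
"""
SAMPLE_OK = """\
hostname remote-office-rtr
aaa new-model
aaa authentication login default group tacacs+ local
username breakglass privilege 15 secret 5 $1$CONSTRUCTED$notarealhash
line vty 0 4
 login authentication default
"""

def audit_ios_config(running, startup=""):
    """Return finding codes for single-administrator lockout risk."""
    def norm(text):
        # Ignore blank lines and '!' separator/comment lines.
        return [l.rstrip() for l in text.splitlines()
                if l.strip() and not l.startswith("!")]
    run, start = norm(running), norm(startup)
    findings = []
    # Centralized AAA shows up as a 'group <name>' method in a login list.
    login_lists = [l for l in run if l.startswith("aaa authentication login ")]
    uses_server = any(re.search(r"\bgroup\s+\S+", l) for l in login_lists)
    if not uses_server:
        findings.append("LOCAL_AUTH_ONLY")
    # Count local accounts with full (level 15) privilege.
    admins = {m.group(1) for l in run
              if (m := re.match(r"username (\S+) privilege 15\b", l))}
    if not uses_server and len(admins) <= 1:
        findings.append("SINGLE_ADMIN")
    # With recovery disabled, a lost password means erasing the config.
    if "no service password-recovery" in run:
        findings.append("PASSWORD_RECOVERY_DISABLED")
    # An empty or different startup-config will not survive a power loss.
    if run != start:
        findings.append("RUNNING_NOT_SAVED")
    return findings
```

Calling `audit_ios_config(SAMPLE_RISKY)` with no startup-config returns all four findings, while `audit_ios_config(SAMPLE_OK, SAMPLE_OK)` returns an empty list.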